Week in Core, August 23 – 30, 2016

Welcome back the latest issue of Week in Core, covering changes [38346-38455]. Here are the highlights:

  • 110 commits
  • 62 contributors
  • 111 tickets created
  • 20 tickets reopened
  • 128 tickets closed

Ticket numbers based on trac timeline for the period above. The following is a summary of commits, organized by component.

Code Changes


  • Hide the “No activity yet” smiley from assistive technologies. [38448] #37511
  • Improve the file upload inputs styling [38435] #35552


  • Allow WP_Screen to be checked via autoload in convert_to_screen(). [38414] #36335


  • Underline links in the admin footer for better accessibility. [38347] #37529


  • Check that ini_get_all() exists before calling it, allows us to work around hosts who disable the function for “security purposes”. [38431] #37680
  • Fix failing external HTTP tests after [38411] [38416] #36335
  • After r38409 and r38410, revert r38402 which reverted r38399 [38411] #36335
  • Run composer install after r38409. [38410] #36335
  • Move composer.{json|lock} into src. [38409] #36335
  • Revert [38399] as it’s broken /build/ and subsequently core.svn.wordpress.org [38402] #36335
  • Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader [38399] #36335
  • Exclude more files from the autoloader.classmap in composer.json. [38395] #36335
  • Add composer.lock and src/wp-vendor files. Nothing is using this code yet, just going through the motions. Ignore the files in src/wp-vendor/composer that will explode in PHP 5.2. [38394] #36335
  • Run composer require xrstf/composer-php52 to get the updated suggested version. Change the vendor-dir to wp-vendor. [38393] #36335
  • Exclude some files from the Composer autoload setup via exclude-from-classmap. [38391] #36335
  • Load option.php in wp-settings.php, not in functions.php. [38386] #36335
  • Add a composer.json file to the project. No code relies on it (yet), and no vendor dir is checked in (yet). No autoloader is being used (yet). Taking this first step will hopefully encourage the perfectionists of our world to scrutinize each line [38384] #36335

Build/Test Tools

  • Add support for is_front_page() to assertQueryTrue() and assert that all the tested conditions are supported by the method. [38405] #37849
  • Remove many unnecessary calls to rand_str() which can, in theory, fail at random. Static strings are much more appropriate. [38382] #37371
  • Ensure the Tests_Query_Conditionals tests set up the environment correctly before re-registering initial taxonomies. [38407] #37851
  • Require Basic_Object and Basic_Subclass files earlier in call stack [38445] #37523
  • Add docblocks for Basic_Object and Basic_Subclass classes. [38444] #37523
  • Use shared fixture in comment_exists() tests. [38372] #37842


  • Don’t do direct SQL query when fetching decendants [38446] #37696
  • Add support for all HTTP protocol versions when returning a 405 from wp-comments-post.php. [38432] #37863



  • Allow users to more seamlessly create page-based nav menus during customization [38436] #34923
  • Circumvent the customizer attempting to preview links to static assets (such as uploaded images) [38396] #37828



  • Alignment after [38369]. [38370] #37770
  • Correct various documentation around object and stdClass types. [38369] #37770
  • Add a missing parenthesis in an example in the DocBlock for wp_redirect(). [38350] #37770
  • Improve the docs for the_title() and make them more consistent with the_title_attribute(). [38348] #37732


  • Fix jumpiness on pressing backspace and delete in the Text editor. [38426] #37690
  • Use Beacon API over sync request [38425] #
  • Improve word-count.js documentation. [38358] #37718


  • Wp-settings.php loads class-wp-embed.php, which currently produces side effects. Move the global instantiation to wp-settings.php. WP_Embed is then in a file by itself. [38362] #37827
  • Add a missing regex delimiter for Facebook URLs. [38368] #34737
  • Add support for embedding Facebook posts and videos via oEmbed. [38367] #34737
  • Many of our oEmbed providers now default to HTTPS embeds, redirect to the HTTPS oEmbed endpoint, or have complete support for HTTPS even if they don’t default to HTTPS [38366] #28507
  • Always use the HTTPS endpoint for YouTube embeds. The scheme parameter is no longer required as all YouTube assets now use HTTPS. [38365] #36274, #28507


  • Ensure that there is only one class named ftp, which is what is expected in the loading of this arcane library. This ensures that an autoload generator, something along the lines of Composer, won’t hiccup when it gets to these files. [38380] #36335


  • Move ‘WP_Feed_Cache’, ‘WP_Feed_Cache_Transient’, WP_SimplePie_File and WP_SimplePie_Sanitize_KSES into their own files via svn cp. If we move forard with autoloading, class-feed.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. class-feed.php is an interesting name: there is no Feed or WP_Feed class. [38354] #37827


  • Add a parameter to wp_send_json_error(), wp_send_json_success(), and wp_send_json() for specifying the HTTP response code [38422] #35666
  • For a performance boost in remove_accents(), convert chr() calls to string literals. [38359] #37643


  • AJAX actions for List Tables do not need to declare global $wp_list_table. List tables on admin screens are in global scope, and they contain hooks that don’t pass the the list table as context, hence using globals there so that functions can import them. That problem does not exist in the AJAX actions, which are virtually impossible to hook into as is. [38455] #37699
  • Move _WP_List_Table_Compat into its own file. [38392] #37827
  • There is no good reason for class-wp-site-icon.php to drop a global instance of itself whenever the file is loaded. The lone use of the global instance of WP_Site_Icon is in an AJAX action that provides virtually no way to override – the file is loaded immediately before the global is used. [38355] #37699
  • Correct the documentation for the wp_dropdown_users_args filter description and its parameters. [38406] #37770
  • After r38303, replace usage of global $_wp_additional_image_sizes with wp_get_additional_image_sizes(). [38383] #37699
  • Move WP_Session_Tokens and WP_User_Meta_Session_Tokens into their own files via svn cp. If we move forard with autoloading, session.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem. [38353] #37827
  • Move WP_Text_Diff_Renderer_inline (behold that lowercase “i”) and WP_Text_Diff_Renderer_Table into their own files via svn cp. [38352] #37827
  • Break up class-IXR.php into individual class files. [38389] #37827
  • After [38399], update the .gitignore file accordingly. [38401] #36335


  • Accept non-string values in cookies, fixing a regression since 4.5. [38430] #37768
  • Handle an edgecase within the URI parsing library included in Requests, where if a double slash exists at the start of the path the URL is passed to cURL malformed. [38429] #37733
  • Separate the test for wp_parse_url() with -1 as its component into a separate test, so the remaining tests can use strict type checking. This helps avoid gotches with the potentially empty values (ie. null) that we’re testing for. [38453] #36356
  • The tests for wp_parse_url() can’t be strict on type because this causes the tests to fail on PHP 5.2 which, bizarrely, returns the results of parse_url() (when called with a $component parameter) in a different order to later PHP versions. [38452] #36356
  • Prevent a fatal error on PHP < 5.4.7 due to changes introduced in [38449]. [38450] #36356
  • Add a $component parameter to wp_parse_url() to give it parity with PHP’s parse_url() function. [38449] #36356


  • Correct various instances of incorrect usage of esc_attr_e(). [38424] #37457Iimprove accuracy of docs. [38360] #37585
  • After r38364, check that global $wp_locale is an instance of WP_Locale before calling ->is_rtle() in is_rtl(). [38438] #37827
  • Retire another remaining wp-includes/locale.php require, and instead load the required WP_Locale class directly. [38404] #37827
  • Move is_rtl() to l10n.php (which loads way earlier). Load WP_Locale file in wp-settings.php. Retire wp-includes/locale.php – it only loaded the class and the one function, is_rtl(). If someone loaded this file for fun somewhere else, it would be a fatal error. [38364] #37827


  • Move WP_MatchesMapRegex into its own file. [38376] #37827
  • Remove class-feed.php (There is no class named Feed or WP_Feed, it just loads other classes) and, instead, move the require calls to the only place they are ever included: inside fetch_feed(). This simplifies the include path. [38374] #36335
  • Remove session.php and, instead, move the 2 require calls to wp-settings.php. This simplifies the include path. [38373] #36335
  • Load class-phpass.php (PasswordHash class) early in wp-settings.php, instead of require_once()’ing it in several places. [38371] #36335
  • Move is_wp_error() to load.php so that WP_Error is in a file by itself. [38363] #37827


  • Add a $wp_error parameter to wp_insert_attachment() to give it parity with wp_insert_post(). [38408] #37813


  • Move get_current_site() to load.php so that it can be used in more places, instead of importing global $current_site. [38388] #37699


  • Add unit tests. @group external-oembed is not run by default. [38454] #32360
  • Move _wp_oembed_get_object() to embed.php, where all of the other embed functions live. WP_oEmbed is then in a file by itself. Load class-oembed.php in wp-settings.php and remove extraneous include calls. [38361] #37827


  • Correct an invalid peramstructure tag in a test. [38417] #37858

Post Thumbnails

  • Prevent post thumbnail previews from spilling into other images [38433] #37697

Posts, Post Types

  • Introduce a missing private query var that should have been introduced as part of #15459 [38451] #15459, #34982
  • Don’t improperly cast IDs when fetching post, user, or term objects. [38381] #37738

Press This

  • The file for the WP_Press_This class should not produce side effects. Similar to what we did in r38355 for WP_Site_Icon, drop the instances of global instantiation for $wp_press_this via loading the file. The variable can be set inline when necessary. In most of those places, if the global is already set, the file does not load and stomp it currently. [38397] #37699


  • Add and improve tests for query conditionals on the front page and home page. [38413] #37851
  • Collapse several of the is_* methods using __call(). Add method annotations. [38356] #37830
  • Move WP_Query into its own file via svn cp. [38351] #37827


  • Only users who can manage options should be able to trash/delete the page for posts or the front page, as they are the only users who can restore it or subsequently alter the “Front page displays” setting. [38378] #37580
  • Set a property, $db, on WP_Roles to reduce global imports. [38387] #37699

Script Loader


  • Return a 403 instead of a 200 HTTP status when check_ajax_referer() fails [38421] #36362
  • Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer(). [38420] #36361


  • Remove unnecessary uniqueness check in get_attachment_taxonomies(). [38437] #37368
  • Eliminate unnecessary variable in WP_Term_Query. [38377] #37544


  • Correct the type for the $name parameter of the get_header, get_footer, get_sidebar, and get_template_part_{$slug} hooks. [38434] #37770
  • Correct the list of possible values for the dynamic portion of the {$type}_template_hierarchy and {$type}_template filters. [38428] #14310
  • Introduce tests for the theme template hierarchy. [38419] #14310
  • Update filter names in the inline documentation for the get_*_template() functions. [38418] #14310, #37770
  • Remove failing tests introduced in [38390]. [38403] #14310
  • Begin introducing unit tests for the expected theme template hierarchy. More to come. [38390] #14310
  • Make the template hierarchy for a given template type filterable [38385] #14310


  • Change the default font for the vi locale to the same stack as he_IL. [38427] #37755
  • Fix toolbars alignment in RTL. [38349] #37760

Unit tests

  • Enforce $args object in wp_nav_menu() & Walker_Nav_Menu [38400] #24587


  • Don’t display PHP errors during installation [38423] #37358
  • After [37687], fix the number of params passed to the upgrade hooks [38415] #37731
  • Wp-admin/includes/class-wp-upgrader-skins.php is unused, remove it. All of the same includes are loaded in class-wp-upgrader.php. [38379] #37827


Thanks to @afercia, @Akeif, @andizer, @Ankit, @azaozz, @boonebgorges, @celloexpressions, @Chaos, @danielkanchev, @dd32, @deeptiboddapati, @diagnose, @DrewAPicture, @DylanAuty, @Engine, @flixos90, @fo, @Frank, @Frozzare, @GaryJ, @gitlost, @grapplerulrich, @Gupta, @helping, @henrywright, @ionutst, @iseulde, @issue, @ixkaito, @JakePT, @jipmoors, @joemcgill, @johnbillion, @JohnPBloch, @jrf, @K, @Klein, @kraftbj, @mapk, @melchoyce, @mrahmadawais, @nmt90, @ocean90, @pento, @peterwilsoncc, @Presskopp, @Rarst, @rodrigosprimo, @SergeyBiryukov, @shayanys, @stephenharris, @swisspidy, @swissspidy, @this, @TimothyBlynJacobs, @tnash, @to, @tollmanz, @valendesigns, @westonruter, @wonderboymusic, and @zsusag for their contributions!

#4-7, #week-in-core